Netgate Discussion Forum

[SOLVED] Can't access LDAP through IPsec

a.lefebvre

      Hello,

I'm kinda new to pfSense and I didn't find any information on that, so I decided to open a subject here:

I have two pfSense boxes connected with IPsec successfully. Each of them is sharing some LAN network.

I want my pfSense2 to be able to connect to an LDAP server on the LAN of pfSense1, but it seems I can't reach it.

If I try to ping the LDAP server from pfSense2, I can't access it with the source address set to Default. If I use the LAN card of my pfSense2 as the source IP, it works.

So I'm guessing pfSense uses a wrong IP as default (maybe the WAN address?) when it tries to connect to the LDAP server. How can I change this behavior?

I tried a NAT rule but it's not working either. (The LDAP IP is within the 172.20.0.0/16 subnet.)


kapara

        What about Windows firewall?

        Skype ID:  Marinhd


a.lefebvre

The firewall of the server is disabled; nothing is blocking on the server side, I guess.

The issue, I think, is how pfSense chooses its IP to access the server through IPsec. I already had a similar issue with other firewalls; they gave a command to set the IP the firewall should use to connect to a remote LDAP server. Is pfSense able to do the same thing?

          Regards,

          Alexandre.


kapara

For testing purposes, what if you make all values in the IPsec rule *?

            Skype ID:  Marinhd


a.lefebvre

This is actually * (at least on the source).

I can't see any traffic from the source pfSense on the remote pfSense.

Seems like the source pfSense isn't sending the traffic over the IPsec tunnel at all when the traffic originates from the default interface on the pfSense. Computers behind the source pfSense can't properly access the remote network behind the remote pfSense.

I'm able to ping the LDAP server when I specify the LAN interface on the pfSense. But I can't when I'm using the default one, see:

              DEFAULT :

              LAN interface :


jimp (Rebel Alliance Developer, Netgate)

                https://doc.pfsense.org/index.php/Why_can't_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F

Same idea, just the reverse direction. You might also be able to work around it with a P2 for Firewall WAN IP <-> IP of LDAP server.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!


a.lefebvre
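The mechanism behind jimp's answer is Phase 2 selector matching: policy-based IPsec only grabs a packet whose source and destination both fall inside a P2's local/remote networks, and a packet the firewall originates itself is sourced from the address the routing table picks (the WAN IP when the destination is only reachable via the default route), so it never matches a LAN <-> 172.20.0.0/16 P2. The following toy model, added here as an example and not pfSense or strongSwan code, reproduces the thread's three cases: the default-sourced ping that misses the tunnel, the LAN-sourced ping that matches, and the extra WAN IP <-> LDAP IP P2 that fixes the default case. All addresses, the `Phase2` class and the simplified `chosen_source()` routing lookup are constructed for the illustration.

```python
"""Toy model of IPsec Phase 2 (SPD) selector matching on the initiating pfSense.

Added example, not pfSense code. Addresses below are constructed; the LDAP
server is placed inside 172.20.0.0/16 as in the thread.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Phase2:
    """One Phase 2 entry: the 'Local Network' and 'Remote Network' selectors."""
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network


def matching_p2(policies, src, dst):
    """Return the first P2 whose selectors cover a packet src -> dst, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if s in p.local and d in p.remote:
            return p
    return None


def chosen_source(dst, routes, default_wan_ip):
    """Simplified source-address selection for a locally originated packet.

    If a connected/static route covers dst, use that interface's address;
    otherwise the default route wins and the packet is sourced from the WAN
    IP. (A policy-based IPsec P2 adds no route, so the remote subnet falls
    through to the default route.)  This mimics the kernel's choice; it is an
    assumption of the model, not pfSense's actual code.
    """
    d = ipaddress.ip_address(dst)
    for net, addr in routes:
        if d in net:
            return addr
    return default_wan_ip


# Constructed topology on pfSense2 (the box that initiates the LDAP queries)
PF2_LAN = ipaddress.ip_network("192.168.2.0/24")
PF2_LAN_IP = "192.168.2.1"
PF2_WAN_IP = "203.0.113.2"          # TEST-NET-3, constructed
REMOTE_NET = ipaddress.ip_network("172.20.0.0/16")
LDAP_IP = "172.20.0.10"             # constructed host inside the remote subnet

# Original tunnel: one P2 for LAN <-> remote LAN
POLICIES_ORIGINAL = [Phase2(PF2_LAN, REMOTE_NET)]

# Workaround from the thread: an additional P2 for Firewall WAN IP <-> LDAP IP
POLICIES_FIXED = POLICIES_ORIGINAL + [
    Phase2(ipaddress.ip_network(PF2_WAN_IP + "/32"),
           ipaddress.ip_network(LDAP_IP + "/32")),
]


def would_be_tunnelled(policies, src, dst):
    """True when the SPD would send src -> dst into the IPsec tunnel."""
    return matching_p2(policies, src, dst) is not None


def diagnose(policies):
    """Compare a firewall-originated query to the LDAP server sourced from the
    'Default' address against one sourced from the LAN interface address."""
    routes = [(PF2_LAN, PF2_LAN_IP)]   # only the connected LAN route; no route to 172.20/16
    default_src = chosen_source(LDAP_IP, routes, PF2_WAN_IP)
    return {
        "default_source": default_src,
        "default": would_be_tunnelled(policies, default_src, LDAP_IP),
        "lan": would_be_tunnelled(policies, PF2_LAN_IP, LDAP_IP),
    }


if __name__ == "__main__":
    for name, pol in (("original P2 set", POLICIES_ORIGINAL),
                      ("with WAN<->LDAP P2", POLICIES_FIXED)):
        print(name, diagnose(pol))
```

Running the module prints that, with the original P2 set, the default-sourced packet leaves from 203.0.113.2 and is not tunnelled while the LAN-sourced one is, and that the extra /32 <-> /32 P2 makes the default case match as well. The same matching logic explains the doc jimp linked: any service the firewall itself initiates (LDAP auth, syslog, NTP, SNMP) is subject to it, so either the service must be bound to an address inside an existing P2 or a P2 must exist for the address the firewall actually uses.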

                  This is totally what i needed.

                  It works perfectly.

                  :)

                  Thanks for your reply jimp.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.